Merge "Blackduck scan fixes and PenTest"

1 files changed, 19 insertions, 1 deletions

diff --git a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/web/support/UserUtils.java b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/web/support/UserUtils.java
index bb58e647..f69a6dda 100644
--- a/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/web/support/UserUtils.java
+++ b/ecomp-sdk/epsdk-core/src/main/java/org/onap/portalsdk/core/web/support/UserUtils.java
@@ -56,6 +56,7 @@ import javax.servlet.http.HttpSession;
 import org.onap.portalsdk.core.domain.Role;
 import org.onap.portalsdk.core.domain.RoleFunction;
 import org.onap.portalsdk.core.domain.User;
+import org.onap.portalsdk.core.domain.UserApp;
 import org.onap.portalsdk.core.exception.SessionExpiredException;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.menu.MenuBuilder;
@@ -72,6 +73,8 @@ public class UserUtils {
 	private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(UserUtils.class);
 
 	public static final String KEY_USER_ROLES_CACHE = "userRoles";
+	
+	private static final String DISPLAY_TEXT = "*******";
 
 	public static void setUserSession(HttpServletRequest request, User user, Set applicationMenuData,
 			Set businessDirectMenuData, String loginMethod, List<RoleFunction> roleFunctionList) {
@@ -393,5 +396,20 @@ public class UserUtils {
         ecompRoleFunction.setAction(rolefun.getAction());
         return ecompRoleFunction;
  }
-
+ public static Set<UserApp> getUserApps(Set<UserApp> userCurrentApps)
+	{
+		Set<UserApp> userapplications = new HashSet<>();
+		for (UserApp userApp : userCurrentApps) {
+			obfuscateSensitiveDataUserApps(userApp);
+			userapplications.add(userApp);
+		}
+		return userapplications;
+	}
+ 
+ private static void obfuscateSensitiveDataUserApps(UserApp userApp)
+	{
+		userApp.getApp().setAppPassword(DISPLAY_TEXT);
+		userApp.getApp().setUebKey(DISPLAY_TEXT);
+		userApp.getApp().setUebSecret(DISPLAY_TEXT);
+	}
 }